[minigraph parser] Fix minigraph parser issue when handling LAG related ACL table configuration

[keboliu]

- What I did

Fix minigraph parser issue when handling LAG related case for ACL table:

1. Previously when attach ACL to a LAG port, it will break the LAG into member ports and then add all these member ports to the ACL table, correct way shall add LAG interface direcly to ACL table.
2. When handling 'erspan' table, it just add all the front panel interfaces to the ACL table, but in some topo like T1-LAG, some front panel interfaces already added to LAG port, attach ACL to these front panel ports will fail.
3. Give a warning when detected trying to attach ACL to LAG member interface
4. Update the "test_minigraph_acl" test expectation in test_cfggen.py

- How I did it

1. Stop breaking LAG port into member ports when in the case to attach ACL to LAG port.
2. When handling 'erspan' table, if front panel port already been added to LAG, add the LAG instead of the front panel port.
3. Raise warning against configuration that attach ACL to LAG member interface.

- How to verify it

sonic-cfggen test during build.
run ACL and Everflow test on different topo.

- Description for the changelog

Changes to be committed:
modified: src/sonic-config-engine/minigraph.py
modified: src/sonic-config-engine/tests/test_cfggen.py

signed-off-by [email protected]

- A picture of a cute animal (not mandatory but encouraged)

[prsunny]

Can you rephrase this to something like below:

Warning: ACL DATAACL is attached to a LAG "member interface" Ethernet112, instead of LAG interface

Current message appears less understandable.

Warning: ACL DATAACL is attached to a LAG member interface Ethernet112, shall attach to the LAG interface

[keboliu]

rephrased the warning message.

[prsunny]

Parser code changes looks fine to me. However, in some iterations of the test, it was observed ACL table creation failed if port-channel interface is not created by then. Suggest to handle this scenario by subscribing to STATE DB and create ACL Table when port-channel interfaces are created.

Apr 23 20:58:58.383154 str-z9100-acs-2 ERR orchagent: :- processPorts: Failed to process port. Port PortChannel0001 doesn't exist
Apr 23 20:58:58.383505 str-z9100-acs-2 ERR orchagent: :- doAclTableTask: Failed to process table ports for table DATAACL
Apr 23 20:58:58.383505 str-z9100-acs-2 ERR orchagent: :- doAclTableTask: Failed to create ACL table. Table configuration is invalid
Apr 23 20:58:58.383505 str-z9100-acs-2 ERR orchagent: :- processPorts: Failed to process port. Port PortChannel0001 doesn't exist
Apr 23 20:58:58.383505 str-z9100-acs-2 ERR orchagent: :- doAclTableTask: Failed to process table ports for table EVERFLOW
Apr 23 20:58:58.383950 str-z9100-acs-2 ERR orchagent: :- doAclTableTask: Failed to create ACL table. Table configuration is invalid

[keboliu]

@prsunny agree need to handle the case that portchannel interface go up later than ACL Table loaded.

[keboliu]

@prsunny @lguohan for the port-channel interface creation later than ACL table load case, do you think should also go to this PR or a separated PR?

[prsunny]

You may have to make changes in sonic-swss for handling this case. IMO, that will be a separate PR and once ready, the two PRs can be merged along with submodule update.

[liatgrozovik]

The last comment was handled in sonic-net/sonic-swss#494